media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In v4l2_detect_gtf(), it seems safer to cast the 32-bit image_width
variable to the 64-bit type u64 before multiplying to avoid
a possible overflow. The resulting object code even seems to
look better, at least on x86_64.

Found by Linux Verification Center (linuxtesting.org) with Svace.

[Sergey: rewrote the patch subject/descripition]

Fixes: c9bc9f50753d ("[media] v4l2-dv-timings: fix overflow in gtf timings calculation")
Cc: stable@vger.kernel.org
Signed-off-by: Karina Yankevich <k.yankevich@omp.ru>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>

authored by

Karina Yankevich and committed by

Hans Verkuil 1 year ago 3edd1fc4 11de3582

+2 -2

1 changed file

expand all

drivers

media

v4l2-core

v4l2-dv-timings.c

+2 -2

drivers/media/v4l2-core/v4l2-dv-timings.c

··· 764 764 u64 num; 765 765 u32 den; 766 766 767 - num = ((image_width * GTF_D_C_PRIME * (u64)hfreq) - 767 + num = (((u64)image_width * GTF_D_C_PRIME * hfreq) - 768 768 ((u64)image_width * GTF_D_M_PRIME * 1000)); 769 769 den = (hfreq * (100 - GTF_D_C_PRIME) + GTF_D_M_PRIME * 1000) * 770 770 (2 * GTF_CELL_GRAN); ··· 774 774 u64 num; 775 775 u32 den; 776 776 777 - num = ((image_width * GTF_S_C_PRIME * (u64)hfreq) - 777 + num = (((u64)image_width * GTF_S_C_PRIME * hfreq) - 778 778 ((u64)image_width * GTF_S_M_PRIME * 1000)); 779 779 den = (hfreq * (100 - GTF_S_C_PRIME) + GTF_S_M_PRIME * 1000) * 780 780 (2 * GTF_CELL_GRAN);